You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ri...@apache.org on 2009/10/28 16:33:08 UTC
svn commit: r830599 -
/qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
Author: ritchiem
Date: Wed Oct 28 15:33:08 2009
New Revision: 830599
URL: http://svn.apache.org/viewvc?rev=830599&view=rev
Log:
QPID-2041: remove use of FileUtils.copyCheckedEx for security reasons, generate new file in same filesystem as existing file to avoid copying between filesystems
Modified:
qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
Modified: qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
URL: http://svn.apache.org/viewvc/qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java?rev=830599&r1=830598&r2=830599&view=diff
==============================================================================
--- qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java (original)
+++ qpid/branches/0.5.x-dev/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java Wed Oct 28 15:33:08 2009
@@ -40,6 +40,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.Random;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
@@ -428,7 +429,15 @@
BufferedReader reader = null;
PrintStream writer = null;
- File tmp = File.createTempFile(_passwordFile.getName(), ".tmp");
+
+ Random r = new Random();
+ File tmp;
+ do
+ {
+ tmp = new File(_passwordFile.getPath() + r.nextInt() + ".tmp");
+ }
+ while(tmp.exists());
+
tmp.deleteOnExit();
try
@@ -528,30 +537,26 @@
old.delete();
}
- try
- {
- if(!_passwordFile.renameTo(old))
- {
- FileUtils.copyCheckedEx(_passwordFile, old);
- }
- }
- catch (IOException e)
+ if(!_passwordFile.renameTo(old))
{
- _logger.error("Could not backup the existing password file: " +e);
- throw new IOException("Could not backup the existing password file: " + e);
+ //unable to rename the existing file to the backup name
+ _logger.error("Could not backup the existing password file");
+ throw new IOException("Could not backup the existing password file");
}
-
- try
+
+ if(!tmp.renameTo(_passwordFile))
{
- if(!tmp.renameTo(_passwordFile))
+ //failed to rename the new file to the required filename
+
+ if(!old.renameTo(_passwordFile))
{
- FileUtils.copyCheckedEx(tmp, _passwordFile);
+ //unable to return the backup to required filename
+ _logger.error("Could not rename the new password file into place, and unable to restore original file");
+ throw new IOException("Could not rename the new password file into place, and unable to restore original file");
}
- }
- catch (IOException e)
- {
- _logger.error("Could not copy the new password file into place: " +e);
- throw new IOException("Could not copy the new password file into place: " + e);
+
+ _logger.error("Could not rename the new password file into place");
+ throw new IOException("Could not rename the new password file into place");
}
}
finally
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org